TLS connections

You can configure TLS clients and TLS servers on the IBM® MQ Appliance.

Note: For securing IBM MQ channels using TLS, see TLS certificate management.

You can specify that the appliance acts as a TLS client when connecting to the LDAP server. If you use this option, user credentials are encrypted when sent to the LDAP server, so user passwords are never sent across the network in plain text. See User authentication with LDAP and TLS Client Profile commands

You can specify that the appliance acts as a TLS server to set up secure connections to the web UI and the REST administrative interface on the appliance. To set up secure communication between a browser and the IBM MQ Appliance web UI or the REST interface and to handle certificates, you create an TLS server profile. You import the required certificates and key file to the appliance, and create definition objects for them. The definition objects are used when you create an ID credentials (idcred) object for the appliance. The idcred is in turn used when you configure the TLS server profile. Finally, the TLS server profile is associated with your web management profile or REST profile. See Configuring certificates for IBM MQ Appliance web UI, Configuring certificates for the REST management interface, and TLS Server Profile commands.